fix(examples): make prepare and k3s.orchestration runnable as separate invocations #52
Aleksei Sviridkin (lexfrei) wants to merge 10 commits into
The cozystack-tuned k3s flags and CIDRs were set via set_fact in the prepare playbooks, so they only existed inside a single ansible-playbook process. Running prepare-<distro>.yml and k3s.orchestration.site as separate invocations dropped them and produced an upstream-default k3s (traefik, servicelb, flannel, kube-proxy all enabled; wrong CIDRs). Move the settings to examples/*/group_vars/all.yml (inventory scope) so they survive across separate invocations, and remove the now-redundant set_fact tasks and play vars. The group_by task stays as a fallback for custom inventories run via the chained site.yml.
Assisted-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>

The k3s_cluster group was created only at runtime by group_by in the prepare playbooks, so a standalone 'ansible-playbook k3s.orchestration.site' invocation found it empty and failed with 'ansible_hostname is undefined'. Declare it statically (children: server, agent) in each example inventory so it is present in any ansible-playbook process. The group_by fallback remains for custom inventories run via the chained site.yml. Also refresh the cozystack_k3s_extra_args comment to point at group_vars/all.yml, where it is now consumed.
Assisted-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>
Code Review
This pull request refactors the Cozystack-tuned k3s configuration by moving settings from dynamic set_fact calls in the prepare playbooks to static declarations in group_vars/all.yml and inventory.yml across the example environments. This ensures that the configuration persists when running the playbooks in separate invocations. The review feedback suggests updating the Quick start section in the README.md to include the new group_vars directory, and recommends using default("", true) in the group_vars/all.yml files to safely handle cases where cozystack_k3s_extra_args is defined as null.
| ansible.builtin.import_playbook: cozystack.installer.site | ||
| ``` | ||
|
|
||
| The Cozystack-tuned k3s flags (component disables, CIDRs, cluster domain) live in each example's `group_vars/all.yml`, and the `k3s_cluster` group is declared statically in each `inventory.yml`. Both therefore exist in every `ansible-playbook` process, so the steps can be run chained through `site.yml` or as separate invocations: |
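Review bot: The added README paragraph states that the flags and the `k3s_cluster` group "exist in every `ansible-playbook` process", but that holds only for inventories that ship the static group and sit next to a `group_vars/all.yml`, as the examples do. A custom inventory without them still relies on the `group_by` fallback and so only works chained through `site.yml`. Suggest adding one sentence here saying that split invocation requires the inventory to declare `k3s_cluster` and to carry the `group_vars/all.yml` file.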
Since the Cozystack-tuned k3s flags have been moved to group_vars/all.yml, the Quick start section earlier in this README (around line 280) should be updated to include the group_vars/ directory (or group_vars/all.yml) in the example file tree. Otherwise, users following the Quick start instructions literally will miss copying this file, resulting in an upstream-default k3s installation.
| # Composed from the Cozystack defaults above plus any operator-supplied | ||
| # extra flags (cozystack_k3s_extra_args from inventory, e.g. --tls-san). | ||
| extra_server_args: >- | ||
| {{ cozystack_k3s_server_args }} {{ cozystack_k3s_extra_args | default("") }} |
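Review bot: The `extra_server_args` template emits the literal space between its two expressions even when `cozystack_k3s_extra_args` is empty, so the resolved value ends in a trailing space; `>-` strips only the final newline, and that happens before templating. Suggest trimming the composed value, for example `{{ (cozystack_k3s_server_args ~ " " ~ (cozystack_k3s_extra_args | default(""))) | trim }}`, so the resolved string is identical whether or not the operator supplies extra flags.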
If cozystack_k3s_extra_args is defined as null (e.g., left blank in the inventory like cozystack_k3s_extra_args:), the default("") filter will not be triggered because the variable is technically defined. This can result in the literal string None being appended to extra_server_args, which will cause k3s to fail to start.
Using default("", true) ensures that the default value is used if the variable is undefined or evaluates to a falsy value (such as null or None).
{{ cozystack_k3s_server_args }} {{ cozystack_k3s_extra_args | default("", true) }}
| # Composed from the Cozystack defaults above plus any operator-supplied | ||
| # extra flags (cozystack_k3s_extra_args from inventory, e.g. --tls-san). | ||
| extra_server_args: >- | ||
| {{ cozystack_k3s_server_args }} {{ cozystack_k3s_extra_args | default("") }} |
If cozystack_k3s_extra_args is defined as null (e.g., left blank in the inventory like cozystack_k3s_extra_args:), the default("") filter will not be triggered because the variable is technically defined. This can result in the literal string None being appended to extra_server_args, which will cause k3s to fail to start.
Using default("", true) ensures that the default value is used if the variable is undefined or evaluates to a falsy value (such as null or None).
{{ cozystack_k3s_server_args }} {{ cozystack_k3s_extra_args | default("", true) }}
| # Composed from the Cozystack defaults above plus any operator-supplied | ||
| # extra flags (cozystack_k3s_extra_args from inventory, e.g. --tls-san). | ||
| extra_server_args: >- | ||
| {{ cozystack_k3s_server_args }} {{ cozystack_k3s_extra_args | default("") }} |
If cozystack_k3s_extra_args is defined as null (e.g., left blank in the inventory like cozystack_k3s_extra_args:), the default("") filter will not be triggered because the variable is technically defined. This can result in the literal string None being appended to extra_server_args, which will cause k3s to fail to start.
Using default("", true) ensures that the default value is used if the variable is undefined or evaluates to a falsy value (such as null or None).
{{ cozystack_k3s_server_args }} {{ cozystack_k3s_extra_args | default("", true) }}

Document that the Cozystack k3s settings now live in group_vars/all.yml and the k3s_cluster group is declared statically, so prepare-<distro>.yml and k3s.orchestration.site can be run as separate invocations or chained through site.yml. Record the fix as a CHANGELOG bugfix entry.
Assisted-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>
069ea32 to a43b4a8
Add hack/check-examples-k3s.sh: assert each example declares the k3s_cluster group statically and resolves extra_server_args / server_config_yaml to the Cozystack-tuned values in a fresh process (no prepare run, no set_fact) — the split-invocation path. A companion hack/test-check-examples-k3s.sh self-tests it by perturbing each invariant and asserting a nonzero exit. Both run in the Lint job. Without this guard, a change that moves the flags back into set_fact, drops the static group, or adds a distro example without group_vars would silently reintroduce the upstream-default k3s install with no failing test.
Assisted-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>

The changelog had two Unreleased headings — one without an RST underline (it rendered as body text) and one properly underlined. Merge them into a single underlined Unreleased section so every pending entry renders under one heading.
Assisted-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>

The prepare playbooks no longer set the k3s server arguments — those moved to group_vars/all.yml. Update the header comment to match rather than describe the removed behavior.
Assisted-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>

Extend hack/check-examples-k3s.sh to fail if a prepare playbook references extra_server_args / server_config_yaml. A play-scoped value outranks group_vars on the chained site.yml path while leaving the split-invocation path broken, silently reintroducing the bug. The self-test covers the reintroduction case.
Assisted-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>

The pod/service CIDRs are now defined in examples/<distro>/group_vars/all.yml, not set inside the prepare playbooks. Update the network-configuration note to reference the file that actually carries them.
Assisted-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>

tests/ci-inventory.yml carries no static k3s_cluster group and no cozystack k3s flags because it is run only through the chained examples/ubuntu/site.yml: the group_by task creates k3s_cluster and examples/ubuntu/group_vars/all.yml supplies extra_server_args / server_config_yaml as playbook-adjacent group_vars, all in one process. Document this so the inventory is not mistaken for a standalone target.
Assisted-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>
Signed-off-by: Aleksei Sviridkin <f@lex.la>
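The three invariants named in the commit messages above (static `k3s_cluster` group, inventory-scope variables, no reference in a prepare playbook) can be approximated with a text-level check. This is an added example, not the project's `hack/check-examples-k3s.sh`: it greps files rather than resolving variables through Ansible, and the function names, fixture contents and CIDR value are constructed for illustration.

```shell
#!/bin/sh
# Added example: text-level check of the three split-invocation invariants.
# It greps files only; it does not resolve variables the way Ansible does.

# check_example DIR: print each violated invariant, return 1 if any.
check_example() {
    dir=$1
    rc=0
    # 1. k3s_cluster must be declared statically in the inventory.
    if ! grep -Eq '^[[:space:]]*k3s_cluster:' "$dir/inventory.yml" 2>/dev/null; then
        echo "$dir: k3s_cluster not declared in inventory.yml"; rc=1
    fi
    # 2. Both k3s variables must be defined at inventory scope.
    for var in extra_server_args server_config_yaml; do
        if ! grep -Eq "^${var}:" "$dir/group_vars/all.yml" 2>/dev/null; then
            echo "$dir: $var missing from group_vars/all.yml"; rc=1
        fi
    done
    # 3. No prepare playbook may reference them outside comments: a
    #    play-scoped value would win on the chained path only.
    for pb in "$dir"/prepare-*.yml; do
        [ -f "$pb" ] || continue
        if grep -v '^[[:space:]]*#' "$pb" |
            grep -Eq '(^|[^_[:alnum:]])(extra_server_args|server_config_yaml)([^_[:alnum:]]|$)'; then
            echo "$pb: references a k3s server variable"; rc=1
        fi
    done
    return "$rc"
}

# make_fixture DIR: constructed sample directory satisfying all invariants.
make_fixture() {
    mkdir -p "$1/group_vars"
    printf '%s\n' 'k3s_cluster:' '  children:' '    server:' '    agent:' \
        > "$1/inventory.yml"
    printf '%s\n' 'extra_server_args: "--disable=traefik"' \
        'server_config_yaml: "cluster-cidr: 192.0.2.0/24"' \
        > "$1/group_vars/all.yml"
    printf '%s\n' '- hosts: all' '  tasks: []' > "$1/prepare-ubuntu.yml"
}

# Stand-alone run against the constructed fixture.
tmp=$(mktemp -d)
make_fixture "$tmp/ubuntu"
check_example "$tmp/ubuntu" && echo "ubuntu: ok"
rm -rf "$tmp"
```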
Summary
Closes #43.
`examples/{ubuntu,rhel,suse}/` pass the Cozystack-tuned k3s configuration into the `k3s.orchestration` collection through in-process state only: `group_by` creates the `k3s_cluster` group and two `set_fact` tasks set `extra_server_args` / `server_config_yaml`. `site.yml` chains everything with `import_playbook`, so it works — but running `prepare-<distro>.yml` and `k3s.orchestration.site` as separate `ansible-playbook` commands starts a fresh process where that state is gone. The k3s install then silently falls back to upstream defaults (traefik, servicelb, local-storage, metrics-server, flannel, kube-proxy all enabled; wrong CIDRs; no `cozy.local` domain), and before that the second run fails outright with `'ansible_hostname' is undefined` because the group is empty.

This moves the configuration to inventory scope so it survives across separate invocations, fixing both the silent misconfiguration and the hard failure. Applied to all three example distros (the bug was identical in each).
Changes
`vars` + `set_fact` into `examples/*/group_vars/all.yml` (inventory scope); `extra_server_args` / `server_config_yaml` are composed there, still appending the operator's `cozystack_k3s_extra_args`.
`set_fact` tasks from the prepare playbooks; keep `group_by` as a fallback for custom inventories run chained via `site.yml`.
`k3s_cluster` group statically in each `inventory.yml` (children: server, agent) so it exists in any process.
Test plan
`ansible-lint` passes (production profile, 0 failures on the changed files)
`ansible-test sanity` passes (not run locally — examples-only change outside the collection sanity surface; CI covers it)
Verified without a live cluster:
`ansible-inventory --graph` shows `k3s_cluster` populated with server + agent in all three dirs.
`extra_server_args` to the full `--disable=…` set ending in the inventory's `--tls-san`, and `server_config_yaml` to the cluster/service CIDRs — a standalone `k3s.orchestration.site` process now sees the tuned values.
`--syntax-check` passes for all prepare playbooks; `hack/check-versions.sh` + `hack/test-check-versions.sh` pass (no version drift).